Does anybody know about any archive of the Tagesschau Video Podcast (German TV news)? I'm collecting the videos, and I missed the shows from November 8th and November 13th, and they only provide 7 days of "backlog", after a week they seem to remove the videos (which sucks!)...
Thanks in advance!
It's available for Mac, Windows, and Linux; if you're on Debian unstable the installation is as simple as
apt-get install democracyplayer (I uploaded the new packages yesterday, they should have reached all mirrors by now).
If you want to know what this is all about, but you're reluctant to install yet another program, check out this screencast (MOV, 37MB) which shows the basic functionality and user interface and discusses some of the new features... I think you'll like it.
You can use it for all kinds of video blogs and podcasts, it'll download and play almost anything with an RSS feed.
SELINUX=enforcing" to "
/etc/selinux/config (at least for now), otherwise my system won't boot up anymore because of SELinux denied permissions (I think). I'm pretty sure this is either a bug or me doing something wrong, but I haven't figured out yet what that is.
Both exploits are possible because the input of the programs is not properly (or at all) sanitized. Basically, they call
$wget_cmd is shell (/bin/sh) code which shall download a file via wget. As the
$wget_cmd string contains contents from an untrusted source (HTML/XML on some random server), this results in an "arbitrary code execution" vulnerability, the worst-case scenario you could imagine.
If someone is naive enough to even run such a podcatcher as root, this means a remote root exploit!
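The pattern described above, next to a hardened form, as an added example that is not code from the original post or from any of the audited podcatchers. The function names, sample URLs and destination filename are constructed for illustration, and nothing is downloaded or executed.

```python
import shlex
from urllib.parse import urlsplit

SHELL_PUNCT = set("();<>|&")

def naive_wget_cmd(url, dest):
    # Pattern described in the post: untrusted feed text pasted into a /bin/sh string.
    return "wget -q -O " + dest + " " + url

def injected_operators(cmd):
    # Tokenize roughly the way /bin/sh would (simplified: no backticks or
    # $VAR expansion) and return the control operators the shell would act on.
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""
    return [tok for tok in lexer if tok and set(tok) <= SHELL_PUNCT]

def safe_wget_argv(url, dest):
    # Build an argument vector instead of a shell string, so no shell parses url.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("unsupported enclosure URL: %r" % url)
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("whitespace/control character in URL: %r" % url)
    # "--" ends option parsing, so the URL can never be read as a wget option.
    return ["wget", "-q", "-O", dest, "--", url]

# Constructed sample enclosure URLs, as they might appear in a feed.
BENIGN_AMP = "http://feeds.example.invalid/ep1.mp3?a=1&b=2"
HOSTILE = "http://feeds.example.invalid/ep1.mp3; echo INJECTED"

if __name__ == "__main__":
    for url in (BENIGN_AMP, HOSTILE):
        print("feed URL:          ", url)
        print("  shell operators: ", injected_operators(naive_wget_cmd(url, "ep.mp3")))
        try:
            # A real caller would hand this list to subprocess.run(argv), without shell=True.
            print("  argv:            ", safe_wget_argv(url, "ep.mp3"))
        except ValueError as exc:
            print("  rejected:        ", exc)
```

Even the benign URL breaks the string form, because the shell treats its `&` as a control operator; the argument-vector form keeps the whole URL as one element.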
Anyways, the RedTeam is definitely correct in saying that more and more people start listening to podcasts, and more and more podcatchers are written. But few of them are written with security in mind, which leaves many listeners at risk... I wonder how popular closed-source podcatchers such as iTunes are affected here. Are there any published audits/audit-results (black-box auditing, obviously, as you don't have the source code) for iTunes?
As for Free Software implementations... consider this a call for reviews and audits! If you know/use one of the many podcatchers (or an RSS feed aggregator, which are affected by similar issues), and have some knowledge on secure programming, get the source and review the application. Make the software you use, and the world at large, a little safer.
I'll definitely have a look at the programs I'm using soonish...
As mentioned earlier, I wanted to package the KDE videoblog client kitty for Debian. I finally found the time to really do it, and the package entered Debian unstable a few days ago. The first bug has already been reported (sigh), but I'm working on it.
kitty even got mentioned in Debian Weekly News (w00t!)